[Skiboot] [PATCH v6a 2/4] secboot_tpm.c: increase tpmnv vars index size
Kenneth Goldman
kgoldman at us.ibm.com
Tue Sep 29 23:13:21 AEST 2020
I understand wanting some margin, but a 1024-byte subject seems excessive.
Don't we have control over the subject field? Can you find a safe but
smaller value.
The TPM is resource limited and NV is so useful for applications that
every developer should try to minimize the amount used.
> From: Eric Richter <erichte at linux.ibm.com>
> To: skiboot at lists.ozlabs.org
> Cc: klaus at linux.ibm.com, nayna at linux.ibm.com
> Date: 09/28/2020 06:07 PM
> Subject: [EXTERNAL] [Skiboot] [PATCH v6a 2/4] secboot_tpm.c:
> increase tpmnv vars index size
> Sent by: "Skiboot" <skiboot-bounces+kgoldman=us.ibm.com at lists.ozlabs.org>
>
> The TPM NV index size for storing the PK was originally set to 1024,
> which was determined to be a "smallest maximum" size that we
> determined to be enough to store the PK. However with overhead, this
> only allowed for about ~912 bytes, which is far too small to store a
> certificate, as it only permits about ~10 characters in the x509
> subject field.
>
> This patch increases the TPM NV Vars index to 2048 bytes, which is the
> largest size a single NV index can be on the Nuvoton npct650 chip.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/skiboot/attachments/20200929/108d2a2e/attachment-0001.htm>
More information about the Skiboot
mailing list